Malware Analysis Report

2024-09-09 17:48

Sample ID: 240613-nrczds1dmj
Target: a555ebf2f5ce3c0eb994fe672d48ecb0_JaffaCakes118
SHA256: 4931f68610fab62c71677ae18c05b4465ee765be96633356ac3d32d10276cf7b
Tags: discovery, evasion, persistence, impact
Score: 8/10

Analysis Overview

Threat Level: Likely malicious

The file a555ebf2f5ce3c0eb994fe672d48ecb0_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

discovery evasion persistence impact

Checks if the Android device is rooted.

Queries information about running processes on the device

Loads dropped Dex/Jar

Requests dangerous framework permissions

Queries information about active data network

Queries information about the current Wi-Fi connection

Listens for changes in the sensor environment (might be used to detect emulation)

Registers a broadcast receiver at runtime (usually for listening for system events)

Uses Crypto APIs (Might try to encrypt user data)

Checks CPU information

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported: 2024-06-13 11:37

Signatures

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A
Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A
Allows an application to read audio files from external storage. | android.permission.READ_MEDIA_AUDIO | N/A | N/A
Allows an application to read image files from external storage. | android.permission.READ_MEDIA_IMAGES | N/A | N/A
Allows an application to read video files from external storage. | android.permission.READ_MEDIA_VIDEO | N/A | N/A
Allows an application to request installing packages. | android.permission.REQUEST_INSTALL_PACKAGES | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-13 11:37
Reported: 2024-06-13 11:40
Platform: android-x86-arm-20240611.1-en
Max time kernel: 69s
Max time network: 184s

Command Line

com.hudun.identificationphoto

Signatures

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/data/com.hudun.identificationphoto/.jiagu/classes.dex N/A N/A
N/A /data/data/com.hudun.identificationphoto/.jiagu/classes.dex!classes2.dex N/A N/A
N/A /data/data/com.hudun.identificationphoto/.jiagu/tmp.dex N/A N/A
N/A /data/data/com.hudun.identificationphoto/.jiagu/tmp.dex N/A N/A
N/A /data/data/com.hudun.identificationphoto/.jiagu/tmp.dex N/A N/A
N/A /data/data/com.hudun.identificationphoto/.jiagu/classes.dex N/A N/A
N/A /data/data/com.hudun.identificationphoto/.jiagu/classes.dex!classes2.dex N/A N/A
N/A /data/data/com.hudun.identificationphoto/.jiagu/tmp.dex N/A N/A
N/A /data/data/com.hudun.identificationphoto/.jiagu/tmp.dex N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Listens for changes in the sensor environment (might be used to detect emulation)

evasion
Description Indicator Process Target
Framework API call android.hardware.SensorManager.registerListener N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Processes

com.hudun.identificationphoto

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.hudun.identificationphoto/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.hudun.identificationphoto/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&

ls /sys/class/thermal

com.hudun.identificationphoto:core

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 nim.qiyukf.com udp
CN 59.111.205.2:443 nim.qiyukf.com tcp
CN 59.111.205.2:443 nim.qiyukf.com tcp
US 1.1.1.1:53 qy-swallow.qiyukf.com udp
CN 59.111.205.2:443 qy-swallow.qiyukf.com tcp
CN 59.111.205.2:443 qy-swallow.qiyukf.com tcp
CN 59.111.205.2:443 qy-swallow.qiyukf.com tcp
US 1.1.1.1:53 plbslog.umeng.com udp
US 1.1.1.1:53 ulogs.umeng.com udp
CN 36.156.202.78:443 plbslog.umeng.com tcp
CN 223.109.148.177:443 ulogs.umeng.com tcp
GB 142.250.187.206:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.238:443 android.apis.google.com tcp
CN 183.136.182.36:443 qy-swallow.qiyukf.com tcp
CN 183.136.182.36:443 qy-swallow.qiyukf.com tcp
CN 183.136.182.36:443 qy-swallow.qiyukf.com tcp
CN 223.109.148.141:443 ulogs.umeng.com tcp
GB 216.58.212.202:443 tcp
CN 59.111.205.2:443 qy-swallow.qiyukf.com tcp
CN 223.109.148.176:443 ulogs.umeng.com tcp
CN 183.136.182.36:443 qy-swallow.qiyukf.com tcp
CN 59.111.205.2:443 qy-swallow.qiyukf.com tcp
CN 183.136.182.36:443 qy-swallow.qiyukf.com tcp

Files

/data/data/com.hudun.identificationphoto/.jiagu/libjiagu.so
/data/data/com.hudun.identificationphoto/.jiagu/classes.dex
/data/data/com.hudun.identificationphoto/.jiagu/classes.dex!classes2.dex
/data/data/com.hudun.identificationphoto/.jiagu/tmp.dex
/storage/emulated/0/Android/data/com.hudun.identificationphoto/cache/uil-images/journal.tmp
/data/data/com.hudun.identificationphoto/unicorn#cheese#
/storage/emulated/0/Android/data/com.hudun.identificationphoto/files/com.qiyukf.unicorn/log/tmp_u_20240613

Analysis: behavioral2

Detonation Overview

Submitted: 2024-06-13 11:37
Reported: 2024-06-13 11:40
Platform: android-x64-20240611.1-en
Max time kernel: 71s
Max time network: 184s

Command Line

com.hudun.identificationphoto

Signatures

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/data/com.hudun.identificationphoto/.jiagu/classes.dex N/A N/A
N/A /data/data/com.hudun.identificationphoto/.jiagu/classes.dex!classes2.dex N/A N/A
N/A /data/data/com.hudun.identificationphoto/.jiagu/classes.dex N/A N/A
N/A /data/data/com.hudun.identificationphoto/.jiagu/classes.dex!classes2.dex N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Listens for changes in the sensor environment (might be used to detect emulation)

evasion
Description Indicator Process Target
Framework API call android.hardware.SensorManager.registerListener N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Processes

com.hudun.identificationphoto

com.hudun.identificationphoto:core

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.178.8:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 nim.qiyukf.com udp
CN 59.111.205.2:443 nim.qiyukf.com tcp
CN 59.111.205.2:443 nim.qiyukf.com tcp
US 1.1.1.1:53 qy-swallow.qiyukf.com udp
CN 183.136.182.36:443 qy-swallow.qiyukf.com tcp
CN 59.111.205.2:443 qy-swallow.qiyukf.com tcp
CN 59.111.205.2:443 qy-swallow.qiyukf.com tcp
US 1.1.1.1:53 ulogs.umeng.com udp
US 1.1.1.1:53 plbslog.umeng.com udp
CN 36.156.202.73:443 plbslog.umeng.com tcp
CN 223.109.148.178:443 ulogs.umeng.com tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 172.217.16.238:443 android.apis.google.com tcp
CN 59.111.205.2:443 qy-swallow.qiyukf.com tcp
CN 183.136.182.36:443 qy-swallow.qiyukf.com tcp
CN 183.136.182.36:443 qy-swallow.qiyukf.com tcp
CN 223.109.148.130:443 ulogs.umeng.com tcp
GB 142.250.179.228:443 tcp
GB 142.250.179.228:443 tcp
GB 216.58.204.78:443 tcp
CN 59.111.205.2:443 qy-swallow.qiyukf.com tcp
CN 223.109.148.176:443 ulogs.umeng.com tcp
GB 142.250.178.14:443 tcp
GB 142.250.187.226:443 tcp
CN 183.136.182.36:443 qy-swallow.qiyukf.com tcp
CN 223.109.148.177:443 ulogs.umeng.com tcp
CN 59.111.205.2:443 qy-swallow.qiyukf.com tcp
CN 183.136.182.36:443 qy-swallow.qiyukf.com tcp

Files

/data/data/com.hudun.identificationphoto/.jiagu/libjiagu.so
/data/data/com.hudun.identificationphoto/.jiagu/libjiagu_64.so
/data/data/com.hudun.identificationphoto/.jiagu/classes.dex
/data/data/com.hudun.identificationphoto/.jiagu/classes.dex!classes2.dex
/storage/emulated/0/Android/data/com.hudun.identificationphoto/cache/uil-images/journal.tmp
/data/data/com.hudun.identificationphoto/unicorn#cheese#
/storage/emulated/0/Android/data/com.hudun.identificationphoto/files/com.qiyukf.unicorn/log/tmp_u_20240613

Analysis: behavioral3

Detonation Overview

Submitted: 2024-06-13 11:37
Reported: 2024-06-13 11:40
Platform: android-x64-arm64-20240611.1-en
Max time kernel: 155s
Max time network: 180s

Command Line

com.hudun.identificationphoto

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/app/Superuser.apk N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/com.hudun.identificationphoto/.jiagu/classes.dex N/A N/A
N/A /data/user/0/com.hudun.identificationphoto/.jiagu/classes.dex!classes2.dex N/A N/A
N/A /data/user/0/com.hudun.identificationphoto/.jiagu/classes.dex N/A N/A
N/A /data/user/0/com.hudun.identificationphoto/.jiagu/classes.dex!classes2.dex N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Listens for changes in the sensor environment (might be used to detect emulation)

evasion
Description Indicator Process Target
Framework API call android.hardware.SensorManager.registerListener N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Processes

com.hudun.identificationphoto

com.hudun.identificationphoto:core

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 216.58.204.78:443 tcp
GB 216.58.204.78:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.238:443 android.apis.google.com tcp
US 1.1.1.1:53 nim.qiyukf.com udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 172.217.169.8:443 ssl.google-analytics.com tcp
CN 59.111.205.2:443 nim.qiyukf.com tcp
CN 59.111.205.2:443 nim.qiyukf.com tcp
US 1.1.1.1:53 plbslog.umeng.com udp
CN 36.156.202.78:443 plbslog.umeng.com tcp
US 1.1.1.1:53 qy-swallow.qiyukf.com udp
CN 59.111.205.2:443 qy-swallow.qiyukf.com tcp
CN 183.136.182.36:443 qy-swallow.qiyukf.com tcp
CN 183.136.182.36:443 qy-swallow.qiyukf.com tcp
GB 142.250.178.4:443 tcp
GB 142.250.178.4:443 tcp
CN 183.136.182.36:443 qy-swallow.qiyukf.com tcp
CN 59.111.205.2:443 qy-swallow.qiyukf.com tcp
CN 183.136.182.36:443 qy-swallow.qiyukf.com tcp
US 1.1.1.1:53 www.google.com udp
GB 142.250.187.228:443 www.google.com tcp
CN 59.111.205.2:443 qy-swallow.qiyukf.com tcp
CN 183.136.182.36:443 qy-swallow.qiyukf.com tcp

Files

/data/user/0/com.hudun.identificationphoto/.jiagu/libjiagu.so
/data/user/0/com.hudun.identificationphoto/.jiagu/libjiagu_64.so
/data/user/0/com.hudun.identificationphoto/.jiagu/classes.dex
/data/user/0/com.hudun.identificationphoto/.jiagu/classes.dex!classes2.dex
/data/user/0/com.hudun.identificationphoto/cache/uil-images/journal.tmp
/data/user/0/com.hudun.identificationphoto/unicorn#cheese#
/storage/emulated/0/Android/data/com.hudun.identificationphoto/files/com.qiyukf.unicorn/log/tmp_u_20240613 (deleted)
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
/storage/emulated/0/.DataStorage/ContextData.xml
/data/user/0/com.hudun.identificationphoto/files/umeng_it.cache
/data/user/0/com.hudun.identificationphoto/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzE4Mjc4NjY3MTg0